Date of Graduation

12-2024

Document Type

Thesis

Degree Name

Master of Science in Computer Science (MS)

Degree Level

Graduate

Department

Electrical Engineering and Computer Science

Advisor/Mentor

Farnell, Chris

Committee Member

Pan, Yanjun

Second Committee Member

Jin, Ding (Kevin)

Keywords

Cybersecurity Testbed; Cybersecurity Workforce Development; Dataset Generation; ICS Security; OT Security

Abstract

Machine learning has seen an explosive rise in the past decade. Companies, organizations, and governments are racing to pursue the advancements and insight provided by machine-learning-powered tools. However, to get effective and meaningful insights from machine learning models, a significant amount of detailed data is required to train them. This poses a problem in fields where data is not openly available, such as cybersecurity. Entities are often unwilling to give out network or system data to the public for machine learning and cybersecurity research, since that data can contain sensitive or proprietary information. The risk simply outweighs the reward. This has led researchers to create synthetic datasets using testbeds and cyber-ranges. These testbeds and cyber-ranges are used to instruct students on cybersecurity attack and defense strategies, perform realistic cybersecurity experiments, and create data to train effective machine learning models. However, these testbeds and cyber-ranges often have insufficient network and system fidelity, lack the diversity of systems, networks, and traffic necessary for machine learning, simulate network topologies that are dissimilar to production environments, or do not address the growing convergence of IT/OT networks and devices. To address these issues, a multi-purpose cybersecurity testbed is proposed and implemented: TROY, the Testbed for Resilient Operational sYstems. This joint project aims to fix the realism, fidelity, and scalability concerns of previous testbed designs, address IT/OT convergence through an expansive network design guided by NIST 800-82r3, and facilitate rigorous cybersecurity experimentation and workforce development through a diverse cast of services and systems.
This paper first discusses the three key motivations (cybersecurity experimentation, workforce development, and dataset generation) in detail. It then discusses the various testbed and cyber-range design decisions and implementation types. A survey and comparison of existing open-source datasets and testbeds is then conducted, which highlights the key limitations and features of earlier implementations. From this analysis, six key testbed features are outlined. The technology platform of TROY and its design philosophy, guided by NIST 800-82r3, are then discussed. A thorough description of the configuration of services, systems, and networks is then provided. Finally, an analysis of TROY’s adherence to the six key features and a conclusion of its applications in cybersecurity experimentation, dataset generation, and workforce development is detailed.
